DAST: Additional arguments for ZAP are ignored
Summary
ZAP recognizes several command-line parameters (https://github.com/zaproxy/zaproxy/wiki/ZAP-Baseline-Scan), for example -j to run the AJAX spider. DAST is intended to pass these parameters along to ZAP (https://gitlab.com/gitlab-org/security-products/dast/blob/master/analyze#L45). However, this does not work as intended: the additional parameters are ignored.
Steps to reproduce
Run the DAST image with additional parameters (e.g. -j to use the AJAX spider):

docker run /analyze -t http://goat:8080/WebGoat/attack -j

The -j flag is ignored, so the AJAX spider never runs.
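For comparison, the following is an added illustration (not the DAST project's analyze script) of a wrapper that consumes only its own -t option and forwards every remaining argument unchanged to the ZAP baseline scan, so a flag such as -j survives; the function prints the command line it would execute instead of running it, and the zap-baseline.py command name is an assumption for this example.

```shell
#!/bin/sh
# Added example, not the DAST project's own code: a POSIX sh wrapper that
# takes the DAST-style "-t <target>" option and passes every other argument
# through to the ZAP baseline scan in its original order.
# Assumption: the scan is started with "zap-baseline.py"; here the command
# line is printed so it can be inspected rather than executed.

zap_cmd() {
  target=""
  passthru=""
  while [ "$#" -gt 0 ]; do
    case "$1" in
      -t)
        # The target option belongs to the wrapper and needs a value.
        [ "$#" -ge 2 ] || { echo "error: -t requires a target URL" >&2; return 2; }
        target="$2"
        shift 2
        ;;
      *)
        # Anything else (-j for the AJAX spider, -d for debug output, ...)
        # is ZAP's business: keep it, unchanged and in order.
        passthru="$passthru $1"
        shift
        ;;
    esac
  done
  [ -n "$target" ] || { echo "usage: zap_cmd -t <target> [zap-baseline options]" >&2; return 2; }
  # Print the exact command line that would run; a real wrapper would exec it.
  printf '%s\n' "zap-baseline.py -t $target$passthru"
}

# Example call mirroring the report: the trailing -j must reach ZAP.
zap_cmd -t http://goat:8080/WebGoat/attack -j
```

A quick check on the printed line (grep for " -j") is enough to confirm in CI that the extra flags are still being forwarded.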